Much of the coverage we’ve seen so far has focused on the sheer size of the breach: one BILLION user records!

But there was also the worrying matter of what sounded like an additional breach, in 2015/2016, by means of which crooks were able to get hold of authentication tokens (login cookies) for existing sessions.

That meant that they could hijack the connections of users who were already logged in, thereby getting access to some accounts without even needing a password.

We cover all of this and more in the video:

By the way we’d still love to hear your comments and questions and will continue answering them online, so please don’t think that questions are closed now that the video is published.

You can reply on Facebook itself or in the Naked Security comments below – we look forward to hearing from you.

One comment on “Yahoo breach: your questions answered in our Facebook Live video”

I told my wife to close her account when the last breach was reported. Thank goodness she did.
Governments should be holding executives accountable (fines & jail time) for these lapses in security as the executives (and not the shareholders) are the ones that made the decisions about not addressing security